Hotmail
Messenger
My MSN
MSN Directory
Surprise! You're exposed
'Content inspection' technology
To combat the problem, Schmidt said a small group of companies have popped up that sell software and hardware aimed at tracking data that enters and exits companies.
Called "content management" or "content inspection," the technology looks for signs of misuse and abuse, such as browsing pornographic Web sites or transmitting company secrets.
John Pescatore, an analyst with the Gartner Group, says interest in content inspection technology has spiked this year due to more incidents and greater overall concern about identity theft.
"Security gurus for years have said 70 percent of the problem is insider driven, but nobody wanted to spend money on that," he said. "These threats have given ammunition to the security gurus now."
San Francisco-based Vontu Inc. has its content management software installed at 650 companies. In a study of clients' e-mails completed earlier this year, Vontu said it found 1 in every 500 e-mails sent by company employees contained "confidential information." And nearly half of the e-mails that are sent in violation of company policies contain either "private customer data or intellectual property." Many of those messages violate state and federal regulations.
"It's fair to say in just about every single company we work with there is consumer information going out," said Joseph Ansanelli, Vontu's CEO. He said mistakes can be as simple as this: an employee sends out an Excel spreadsheet which appears to be benign. But there's a second sheet to the file, hidden from plain view, which contains a list of Social Security numbers or other personal information.
Mistakes are often operator error, says Miriam Wugmeister, a New York lawyer who advises U.S. firms on compliance with international data privacy laws.
"I think that what happens is people inside companies become inured to the sensitivity of the information they deal with every day," she said. "People in finance who deal with credit cards all the time forget that information is sensitive, for example. People are human."
Even companies that have strong policies in place often see employees develop troublesome work-arounds, she said.
"There's a rule saying the information has to be password protected, and you find an employee sending a document that's password-protected, but they send the password in the body of the e-mail," she said. "You see things like that."
Who's looking?
"When you start sending things to other companies, you have no power over who is there, who might see it, and who it might be forwarded to," said PrivacyToday.com's Douglas.
Usually, the data is sent outside the firm innocently, said Dan Verton, author of a new book The Insider, which describes the threat of leaked data. Verton relies heavily on Reconnex data for his research, and the firm is promoting his book.
"These are not cases where banks are employing criminals," he said. "They are employing individuals who are inadvertently disclosing and mishandling information. It stems from their willingness to go around security policies and procedures."
Verton said companies across America have failed to create a culture of privacy, and as a result, broken business processes leading to data leaks are rampant.
Wugmeister puts it differently -- she says there's a need for companies to have a culture of compliance. Well-meaning employees who unwittingly expose consumers through work-arounds are often the source of such problems, she said.
"The vast majority of it is inadvertent," she said. "People trying to avoid a hassle and get around the systems put in place." Spot audits to make sure employees aren't sneaking into risky behaviors like using Web-based e-mail services are essential, she said.
- Discuss Story On Newsvine
- Rate Story:
View popularLowHigh - Instant Message
MORE FROM SECURITY |
 Security Section Front |
| Add Security headlines to your news reader: |
Sponsored links
Resource guide